Lucene search

K

[email protected]CVE-2009-0037

HistoryMar 05, 2009 - 2:30 a.m.

CVE-2009-0037

2009-03-0502:30:00

CWE-352

[email protected]

web.nvd.nist.gov

70

curl

libcurl

security

cve-2009-0037

http

remote attacks

6.9 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

80.8%

The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL.

CPENameOperatorVersion
curl:curlcurleq7.10.7
curl:curlcurleq7.10.3
curl:curlcurleq7.3
curl:curlcurleq7.1
curl:curlcurleq6.4
curl:curlcurleq5.11
curl:curlcurleq7.14.1
curl:curlcurleq7.9.1
curl:libcurlcurl libcurleq7.14
curl:curlcurleq6.1beta

Rows per page:

1-10 of 801

References

curl.haxx.se/docs/adv_20090303.html

curl.haxx.se/lxr/source/CHANGES

lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html

lists.vmware.com/pipermail/security-announce/2009/000060.html

secunia.com/advisories/34138

secunia.com/advisories/34202

secunia.com/advisories/34237

secunia.com/advisories/34251

secunia.com/advisories/34255

secunia.com/advisories/34259

secunia.com/advisories/34399

secunia.com/advisories/35766

security.gentoo.org/glsa/glsa-200903-21.xml

slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.476602

support.apple.com/kb/HT4077

wiki.rpath.com/wiki/Advisories:rPSA-2009-0042

www.debian.org/security/2009/dsa-1738

www.redhat.com/support/errata/RHSA-2009-0341.html

www.securityfocus.com/archive/1/501757/100/0/threaded

www.securityfocus.com/archive/1/504849/100/0/threaded

www.securityfocus.com/bid/33962

www.securitytracker.com/id?1021783

www.ubuntu.com/usn/USN-726-1

www.vmware.com/security/advisories/VMSA-2009-0009.html

www.vupen.com/english/advisories/2009/0581

www.vupen.com/english/advisories/2009/1865

www.withdk.com/2009/03/03/curllibcurl-redirect-arbitrary-file-access/

www.withdk.com/archives/Libcurl_arbitrary_file_access.pdf

exchange.xforce.ibmcloud.com/vulnerabilities/49030

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11054

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6074

6.9 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

80.8%

Related for CVE-2009-0037

nessus24 seebug1 openvas48 altlinux2 gentoo1 debiancve1 fedora2 veracode1 ubuntucve1 securityvulns2 redhat1 prion1 debian1 centos2 ubuntu1 slackware1 oraclelinux1 freebsd1 vmware1 threatpost1